⚙️Live webinar: AI governance in controlled environments: The next compliance challenge. Register now
Back to marketplace
MarketplacePrivacy
PrivacyRegulationIn 6clicks App

India - (DPDP) RulesIndia - Digital Personal Data Protection (DPDP) Rules

The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.

Book a strategy callView source ↗

The Digital Personal Data Protection Rules, 2025 create the practical framework for implementing India’s data privacy regime under the DPDP Act, 2023. The Rules require organizations (“data fiduciaries”) to obtain clear and informed consent, provide transparent privacy notices, limit data use to specified purposes, implement security safeguards, and enable individuals to exercise rights over their personal data.

The Rules introduce requirements for reporting personal data breaches, managing consent withdrawal, retaining and deleting data appropriately, and protecting children’s data through verifiable parental or guardian consent. They also regulate cross-border transfers of personal data and establish operational procedures for the Data Protection Board of India to oversee compliance, investigate violations, and address grievances.

Implementation is phased over multiple years, allowing organizations time to adapt compliance programs, governance processes, and technical controls. Overall, the Rules aim to strengthen privacy protection, accountability, and responsible digital data use while balancing individual rights with legitimate data processing needs in India’s digital economy.

#privacy#cybersecurity#India#data protection#compliance#governance#digital regulation#privacy law#data security#DPDP Act#personal data#risk management

Related in Privacy

PrivacyLawIn 6clicks App

India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)

The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.

Issuer
Government of India
Jurisdiction
India
Version
2023
Updated
Aug 2023
View detailsprivacy · cybersecurity
PrivacyLawIn 6clicks App

Privacy Act

The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.

Issuer
Government of Canada
Jurisdiction
Canada
Updated
Jun 2025
View detailspersonal information · government
PrivacyLawIn 6clicks App

UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data

The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.

Issuer
UAE Data Office
Jurisdiction
United Arab Emirates
Version
20 Sep 2021
View detailsdata protection · privacy